The combination of device and user authentication is called “Two Factor” authentication. Enterprises already have this mechanism in place for remote users connecting through computers. RSA SecurID® or similar mechanism is the de facto way of enabling “two factor” authentication. Two Factor authentication requires a user to key in a special pass phrase or key that is displayed on a Secure Token. This token is typically issued by the company and is carried by the employee all the time. The token is linked back to token authentication server in the company. When the employee wants to login to corporate services, he/she must supply the pass phrase or key, which changes periodically, to ensure that only the employee is requesting the service. The supplied input data is validated against the authentication server and if the match occurs, the employee is granted the service. RSA tokens and RSA server are widely deployed two factor authentication mechanisms in corporations.
This above-mentioned technique works well for computer terminals as there are client applications built to accept the two factor authentication. There is, however, no client or user interface to allow two factor authentication on Internet Protocol (IP) user-end devices. Unlike traditional phones that are always tied to a physical wire connected to PBX/Switch, the new breed of IP user-end devices are IP enabled and thus provide portability and mobility. For example, an employee can carry an IP user-end device from his work and plug it into Ethernet connector at home and can access an entity's network. This flexibility enables businesses or other entities to deploy these phones to tele-workers, road warriors, consultants, partners and other. On the other hand, it makes these entities vulnerable to theft, attacks, and abuse.
Computers connected to an IP network are open to many forms of attacks and threats, such as DoS/DDoS floods, fuzzing/malformed messages, reconnaissance attacks, spoofing attacks, MIM attacks, stealth call attacks, rogue media, anomalous behavior, and/or SPAM. Similarly, IP user-end devices are vulnerable to these same types of attacks and threats. As a result, there is a need for a system, method and apparatus for authenticating and protecting an IP user-end device.